Bug 2272112 (CVE-2024-26150) - CVE-2024-26150 backstage/backend-common: path traversal through symlinks
Summary: CVE-2024-26150 backstage/backend-common: path traversal through symlinks
Keywords:
Status: NEW
Alias: CVE-2024-26150
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2272106
 
Reported: 2024-03-28 21:04 UTC by Robb Gatica
Modified: 2024-04-19 10:30 UTC
CC: 5 users

Fixed In Version: backstage/backend-common 0.21.1, backstage/backend-common 0.20.2, backstage/backend-common 0.19.10
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Robb Gatica 2024-03-28 21:04:04 UTC
Description:
In `@backstage/backend-common` prior to versions 0.21.1, 0.20.2, and 0.19.10, path checks with the `resolveSafeChildPath` utility were not exhaustive enough, leading to risk of path traversal vulnerabilities if symlinks can be injected by attackers. This issue is patched in `@backstage/backend-common` versions 0.21.1, 0.20.2, and 0.19.10.

Note: the fix for this issue is already incorporated in RHDH 1.1.x. 

https://github.com/backstage/backstage/commit/1ad2b1b61ebb430051f7d804b0cc7ebfe7922b6f
https://github.com/backstage/backstage/commit/78f892b3a84d63de2ba167928f171154c447b717
https://github.com/backstage/backstage/commit/edf65d7d31e027599c2415f597d085ee84807871
https://github.com/backstage/backstage/security/advisories/GHSA-2fc9-xpp8-2g9h

